On 02/02/2016 09:21 AM, Alexander Bokovoy wrote:
On Mon, 01 Feb 2016, Jakub Hrozek wrote:
On Tue, Jan 05, 2016 at 07:55:33PM +0100, Sumit Bose wrote:
Hi,

to find out to which local group a external user is mapped we do a
dereference search over the external groups with the SIDs related to the
external user. If a SID is mapped to more than one external group we
currently consider only the first returned match. With this patch all
results are taken into account. This makes sure all expected local group
memberships are added to the PAC which resolves
https://fedorahosted.org/freeipa/ticket/5573.

I tested with an AD user who was a member of several IPA external
groups. All
groups were displayed.  We also have positive feedback from several users
who applied this patch.

The code looks good to me as well, Sumit explained some parts I didn't
understand on IRC.

ACK from me..
... and ACK from me too.

Pushed to:
master: 348c400484cafe4969c3fa0c9f0c6f6e150df821
ipa-4-3: d6e81749c3d5904cfae59921802895b6cff528ff
ipa-4-2: d70c86f71a405984db24947a8e1c0caebdc499c8
--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to